EAP-PAX draft-clancy-eap-pax-05


T. Charles Clancy (clancy@cs.umd.edu), Department of Computer Science, University of Maryland, College Park; Laboratory for Telecommunication Sciences, US Department of Defense. IETF 64, EMU BoF, November 10, 2005. EAP-PAX, draft-clancy-eap-pax-05.

Presentation Transcript
Overview
  • Basic shared-key mutual authentication method
  • Includes support for:
    • Ciphersuite extensibility
    • Provisioning with a weak key or password
    • Key management (deriving new authentication keys) with perfect forward secrecy (using Diffie-Hellman)
    • Identity protection / user anonymity
    • Authenticated data exchange (supports channel binding)
  • Provably secure
Subprotocols: PAX_STD

  SERVER → CLIENT: A
  CLIENT → SERVER: B, CID, MAC_CK(A, B, CID)
  SERVER → CLIENT: MAC_CK(B, CID)
  CLIENT → SERVER: ACK
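
Added example (not from the slides or the draft): a Python sketch of the PAX_STD exchange above, using HMAC-SHA1 from the listed ciphersuite, with each side verifying the other's MAC. It assumes both sides already hold CK; the nonce length, the length-prefixed field framing and all class and function names are assumptions of this sketch, not the draft's wire format.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN = 32  # assumed nonce size for this sketch


def mac_ck(ck: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA1 over length-prefixed fields (framing is an assumption)."""
    msg = b"".join(struct.pack(">H", len(f)) + f for f in fields)
    return hmac.new(ck, msg, hashlib.sha1).digest()


class Server:
    def __init__(self, ck: bytes):
        self.ck, self.a = ck, os.urandom(NONCE_LEN)  # fresh A per session

    def msg1(self) -> bytes:
        return self.a

    def msg3(self, b: bytes, cid: bytes, tag: bytes) -> bytes:
        # Verify MAC_CK(A, B, CID) before producing any keyed output.
        if not hmac.compare_digest(tag, mac_ck(self.ck, self.a, b, cid)):
            raise ValueError("client MAC check failed")
        return mac_ck(self.ck, b, cid)


class Client:
    def __init__(self, ck: bytes, cid: bytes):
        self.ck, self.cid, self.b = ck, cid, b""

    def msg2(self, a: bytes):
        self.b = os.urandom(NONCE_LEN)  # fresh B per session
        return self.b, self.cid, mac_ck(self.ck, a, self.b, self.cid)

    def msg4(self, tag: bytes) -> str:
        # Verify MAC_CK(B, CID): proves the server also knows CK.
        if not hmac.compare_digest(tag, mac_ck(self.ck, self.b, self.cid)):
            raise ValueError("server MAC check failed")
        return "ACK"


def run_pax_std(client_ck: bytes, server_ck: bytes,
                cid: bytes = b"alice@example.org") -> str:
    # cid is a constructed sample identity.
    server, client = Server(server_ck), Client(client_ck, cid)
    b, cid_sent, tag = client.msg2(server.msg1())
    return client.msg4(server.msg3(b, cid_sent, tag))
```

Because the server's nonce A is inside the client's MAC, a captured second message fails verification against any later session that uses a different A.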

Changes since -04
  • Completed full proof of security, publication pending, will be available online: http://www.cs.umd.edu/~clancy/eap-pax/

  • Added support for the authenticated exchange of data, targeted at channel binding
Subprotocols: PAX_SEC

  SERVER → CLIENT: M, PK or Cert_PK
  CLIENT → SERVER: ENC_PK(M, N, CID)
  SERVER → CLIENT: A, MAC_N(M, CID)
  CLIENT → SERVER: B, MAC_CK(A, B, CID)
  SERVER → CLIENT: MAC_CK(B, CID)
  CLIENT → SERVER: ACK

Certificate Requirements
  • Use of certificate with PAX_SEC is RECOMMENDED
Security Properties
  • Extensible Ciphersuite
    • MAC Primitives:
      • HMAC-SHA1
      • AES-CBC-MAC
    • Public-Key Primitives:
      • RSA-OAEP-2048
      • DH-3072, 256-bit exponents
  • Attack Resistance (dictionary, replay, negotiation)
  • Confidentiality (in ID protect mode)
Provable Security
  • Random Oracle Model [Bellare 93]
  • Supported primitives all act like Random Oracles [Bellare 94, Bellare 96, Bellare 00]
  • Assume probabilistic, polynomial-time attacker
  • EAP-PAX is secure against:
    • passive attacks if:
      • PAX_STD without DH: Key O(2^k)
      • PAX_STD with DH: Key O(1)
      • PAX_SEC without DH: Key O(2^k)
      • PAX_SEC with DH: Key O(1)
    • active attacks if:
      • PAX_STD: Key O(2^k), auth limit O(k^n)
      • PAX_SEC with cert: Key O(k^n), auth limit O(1)
      • PAX_SEC without cert: Key O(2^k), auth limit O(k^n)
Channel Binding
  • Validate lower-layer EAP parameters during authentication
  • Need secure mechanism for exchanging parameters
  • What is needed? Confidentiality? Authenticity?
  • PAX provides authenticity, but not confidentiality (would require additional symmetric-key ciphersuite)
  • Attach “Authenticated Data Exchange” frames during authentication once keys have been derived
Channel Binding

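  SERVER → CLIENT: A
  CLIENT → SERVER: B, CID, MAC, ADE(type1, value1)
  SERVER → CLIENT: MAC, ADE(type2, value2)
  CLIENT → SERVER: ACK, ADE(type3, value3)
  ...
  SERVER → CLIENT: ACK, ADE(typeN, valueN)
  CLIENT → SERVER: ACK, ADE(typeN+1, valueN+1)
  SERVER → CLIENT: EAP-Success / EAP-Failure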